tlsfuzzer: update to the latest upstream for downgrade protection teststmp-downgrade-sentinel

Signed-off-by: Daiki Ueno <dueno@redhat.com>

4 files changed, 17 insertions, 4 deletions

diff --git a/tests/suite/tls-fuzzer/gnutls-nocert-ssl3.json b/tests/suite/tls-fuzzer/gnutls-nocert-ssl3.json
index 9bf3fa20f1..a297392255 100644
--- a/tests/suite/tls-fuzzer/gnutls-nocert-ssl3.json
+++ b/tests/suite/tls-fuzzer/gnutls-nocert-ssl3.json
@@ -18,7 +18,7 @@
          },
          {"name" : "test-export-ciphers-rejected.py",
           "comment" : "we negotiate AES even in SSL3.0",
-          "arguments" : ["--ssl3", "-p", "@PORT@"] },
+          "arguments" : ["-p", "@PORT@"] },
          {"name" : "test-client-compatibility.py",
           "arguments" : ["-p", "@PORT@", "18: IE 6 on XP",
                          "52: YandexBot 3.0 on unknown",
diff --git a/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json b/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
index c764130306..47fcf878a4 100644
--- a/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
+++ b/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
@@ -33,7 +33,12 @@
                          "-e", "drop extension in TLS 1.3 session resumption",
                          "-e", "modified extension in 2nd CH in HRR handshake",
                          "-e", "renegotiation with changed limit",
-                         "-e", "renegotiation with dropped extension"] },
+                         "-e", "renegotiation with dropped extension",
+                         "-e", "added extension in 2nd CH in HRR handshake",
+                         "-e", "check server sent size in TLS 1.0 with max_fragment_length",
+                         "-e", "check server sent size in TLS 1.1 with max_fragment_length",
+                         "-e", "check server sent size in TLS 1.2 with max_fragment_length",
+                         "-e", "removed extension in 2nd CH in HRR handshake"] },
          {"name" : "test-record-size-limit.py",
           "arguments" : ["-p", "@PORT@", "--reply-AD-size", "672",
                          "--minimal-size", "512",
@@ -108,7 +113,11 @@
 	 {"name" : "test-tls13-version-negotiation.py",
 	  "arguments": ["-p", "@PORT@"]},
 	 {"name" : "test-tls13-zero-length-data.py",
-	  "arguments": ["-p", "@PORT@"]}
+	  "arguments": ["-p", "@PORT@"]},
+	 {"name" : "test-downgrade-protection.py",
+	  "comment" : "1/n-1 splitting in TLS 1.0 is not supported",
+	  "arguments": ["-p", "@PORT@", "--server-max-protocol", "TLSv1.3",
+			"-e", "TLS 1.3 downgrade check for Protocol (3, 1)"]}
      ]
     }
 ]
diff --git a/tests/suite/tls-fuzzer/gnutls-nocert.json b/tests/suite/tls-fuzzer/gnutls-nocert.json
index fe7a6fff17..e25b6b3613 100644
--- a/tests/suite/tls-fuzzer/gnutls-nocert.json
+++ b/tests/suite/tls-fuzzer/gnutls-nocert.json
@@ -248,7 +248,11 @@
                          "-e", "too large record payload in TLS 1.3",
                          "-e", "change size in TLS 1.3 session resumption",
                          "-e", "drop extension in TLS 1.3 session resumption",
-                         "-e", "modified extension in 2nd CH in HRR handshake"] },
+                         "-e", "modified extension in 2nd CH in HRR handshake",
+                         "-e", "added extension in 2nd CH in HRR handshake",
+                         "-e", "check server sent size in TLS 1.0 with max_fragment_length",
+                         "-e", "check server sent size in TLS 1.3 with max_fragment_length",
+                         "-e", "removed extension in 2nd CH in HRR handshake"] },
          {"name" : "test-record-size-limit.py",
           "comment" : "The reply includes PRF algorithm and affects the AD size",
           "arguments" : ["-p", "@PORT@", "--reply-AD-size", "827",
diff --git a/tests/suite/tls-fuzzer/tlsfuzzer b/tests/suite/tls-fuzzer/tlsfuzzer
-Subproject a520d50cf84aba0126d1e09b12fd0038af0944b
+Subproject 13479e5a44bc10e3577fc28b921c5b999a363ce